Webroot® Business Endpoint Protection
Welcome to the Endpoint Protection and management console Discussion Forum!
- 1,134 Topics
- 3,656 Replies
The Sonicwall Antivirus is suddenly identiifying Webroot dowloads as Trojans. Can someone from Webroot please contact Sonicwall to correct this? From what I have read, Java updates and Sophos are also being flagged as Trojans. They are both working with Sonicwall to correct the situation. Can someone from Webroot do the same since it may not be the same signature that is blocking webroot. It does not seem to prevent webroot from working, but it does prevent version updates and fresh installs. Thanks for looking into this.
Hi, I was wondering why my site is always displaying the "endpoints need attention". I cleaned up the computers. I did many full scans after and all of them said Protected and did not show any infected files anymore. But in my console I see the "endpoints need attention, last threat on 11-16-2016 (2 days before)" for the same 2 computers. Is there a way to reset in the console so that they are now viewed as protected? I don't know if you understand my issue...< Thanks !
Hey All, I wanna share my response to a fellow community member and Webroot Ambassador[b]@GryozoK[/b] in a post he made in a private area about Sophos Intercept X and it competing with Webroot. This will be a long post but I'll first place his quote first and then below my actual response due to my experience in vetting out all the "Next-Gen" Antivirus/Endpoint Security products and my real world review of it. I thought this would be beneficial to all the community as it dispels some of what Sophos is actually doing with Intercept X. Here is @GryozoK Post: Sophos says that InteceptX: 1. is ligth-weight agent 2. no agent daily updates 3. can protect against all 24 of the cpu level exploits 4. detects mass encryption (ransomware) 5. cut off connection to the attacking host 6. remediating any encrypted documents using a local mirror image copy All these sayings above seems to be similar to what WSA advantages used to be up until now - and actually WSA cann
Hi folks, We can add the option "shutdown webroot" check here: [url=http://prntscr.com/ico9f6]http://prntscr.com/ico9f6[/url] on the policies manager for the agent, i get a captcha when click on shutdown but is there an option we can set a admin password or PIN when that option is selected? that way only the admin can shut it down.
I work for an MSP and we have Webroot integrated with our Datto RMM software. I have been getting alerts for threats detected but when I go to the device in the Webroot console it just shows a post clean up scan. No threats previously detected. Below is a screenshot that shows an example. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/e0e79e37-e976-4467-b5bd-7e281cd046ea.png[/img] Why is this?
We're a managed service provider located in the US and one of our clients has an office in Hong Kong. We manage endpoints in other countries but haven't had any clients in China. Wanted to see if anyone has had experience with managing Chinese endpoints in the GSM and could share any advice or issues that might come up. Thanks, Dan
Hi Please could someone let me know which specific ports to allow outbound to the following URLs as part of the SecureAnywhere Endpoint Protection setup: [b]Communicating Through a Firewall[/b] If a firewall is in place, please allow Webroot’s path masks through the firewall, as described in the following table. PATHINFORMATION *.prevxinfo.com -- *.prevx.com -- *.amazonaws.com -- *.cloudfront.net -- *.webrootcloudav.com Covers the g-url’s as well as several other target addresses. *.*.webrootcloudav.com Some devices don’t like a single * for urls that contain dots in the value of *. *.p4.webrootcloudav.com For devices that don't like multiple *’s. *.compute.amazonaws.com Covers inbound communication from the Amazon cloud servers. *.webroot.com To be used for future communications *.webrootanywhere.com To be used for future communications Thanks
It would be a lot easier if I could had people to custom groups and just assign groups. There are people that need only access to one site. I have many tech that i would like to include in a group to give full access to all sites. There are many sales and account people i would like to give read only access to everything. If I could use groups at the site level to include all uses in the group it would make life a lot easier to manager when adding additional customers instead of having to manually select everyone's individual permissions.
In the Webroot console, how do we permanently delete a quarantined threat? I see in the front-end user GUI the option to permanently delete from quarantine, but user receives error message that settings are centrally managed. Also, will the "Needs Attention" then clear? On a similar note, if we create an override for a found threat, should the "Needs Attentions" clear or about how long should it take before that status clears? Thanks so much for any input!
Hi I am trying to install a new version of Webroot onto a machine that have previously had an installtion of webroot on them. When I install the new version they old licence key is being used and the PC is reporting into our old MSP's console. I've tried to use the installer with the licence key already and the MSI and manually enter the licence key however it this doesnt seem to work. Any ideas? Thanks Steve
I am trying to use simulations posted here - https://community.webroot.com/unity-api-forum-49/getting-started-with-the-webroot-unity-api-and-postman-274427 to setup Postman to communicate with the Unity API. I am logged in as Admin in the GSM console. However, following the instructions in the Simulation or the GSM Admin Guide documentation, I don't see the [b]API[/b] [b]Access[/b] tab. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/9f3e8b9d-8934-4fd7-8044-e990e5f7d255.png[/img] Based on the tabs, I think I am in the Business Console. Could you please let me know if the API Access is available in the Business Console or should I convert to the Managed Service Provider Console (which if I do, then I can't go back to the Business console)
Webroot Endpoint Protection 220.127.116.11 Citrix Receiver 3.4 Enterprise connecting to a XenApp 6.5 farm Recently we've had a rash of complaints of users whose printers stop working in our XenApp 6.5 environment. We find that the printers are showing offline on the Citrix servers when this happens. In order to stop this, we either have to disable 'Scan files when written or modified' as per CTX218745, or totally remove Webroot from the workstation (whether Windows 7 or 10). Obviously both of these are big security concerns! One of our customers' onsite technicians says he called Webroot on this and was supposedly told that this was a known issue and would be resolved in a future release. Is this actually the case? If so, when will it be resolved?
We have a Windows 7 laptop, where we have installed Webroot SecureAnywhere. Recently, the laptop was assigned to a new hire. The laptop was reformatted, installed again with Windows 7 and configured with a new PC name. Webroot was also reinstalled. Now, on the console, the endpoint appears with the new name. However, the old endpoint name is also listed. What is the best practice in removing the old name from the console. Deactivating? Uninstall the agent via Agent Commands > Agent > Uninstall? We want to make sure the endpoint with new name is not affected as this laptop is now online and in use. Thanks!
I run an MSP and I've been shopping around for a Endpoint antivirus. I recently tried WebRoot. I've installed the end point on two of our inhouse machines. Both of the machine had BSOD errors shortly after. Does anyone have any experience with WebRoot and these problems. Obviously I'm not too keen on rolling this out to my customers.
I am new at using the webroot endpoint security. I had a threat detected on one of my endpoints and I was alerted on the webroot management console dashboard. I clicked on the 1 endpoint protect needs attention to view threat. As usual, it gave me information on the threat and the endpoints affected by the threat. On the very right-hand side, there is a brush icon to clean up the threat. I clicked on to manually clear the threat, all it did was run a scan on that endpoint but it did not remove the threat. The threat is quarantined but it keeps alerting me on the dashboard saying 1 endpoint needs protection. I assumed that I had the ability to manually clear threats on endpoints, but I may be wrong. I had used other endpoint protection software in the past that gave me the ability to manually clear threats on endpoints. If I can get some enlightenment on how threats are cleared, whether if its automatic or manual. I will really appreciate the feedback and responses.
Beginning this morning, our SonicWall gateway antivirus has started blocking the endpoint upgrade to 18.104.22.168 - clearly a false positive signature in the SonicWall AV database. What are the IP address ranges for the Business Endpoint Protection service so that I can add them to my firewall exclude list?
We are starting to see a threat register on our WebRoot Endpoint Protection under Visual Studio that is registering in the malware group System.Monitor.Project.Neptune, which is a key logger. The file name is submain.ghostdoc.codeobjectmodel.dll. Anyone have any insight on whether this is a false positive or not?
Dealing with a line of issues with Webroot and Labtech[Automate:On-Prim]. Just discovering some computers are listed as non-GSM in the Webroot plugin. Why would this be the case they definitly should be and are GSM. Has anyone had this issue, or have resolved this issue and could share.
My ERP software is faitly limited when it comes to hostnames and DNS. I need to add a host to the 'host' file, but Webroot doesnt allow that edit from the command line. Is it possible to shutdown Endpoint Security make my edits and and then restart via the CLI?
We want to demonstrate the need for Webroot to prospective customers who use traditional AV software. So I wrote a simple "ransomware" program that only affects a test folder. It is a compiled .exe program that: [list=1] [*]Reads files one at a time from a test folder (c:userspublicvideos est) [*]Encrypts the file contents. [*]Writes the file to filename.txt.crypt. [*]Deletes the file.[/list]My expectation was that Webroot would see that a new .exe program was encrypting and deleting files and block it, but it did not. I have run the program from a Command Prompt window, from Windows Explorer and from a Desktop shortcut. I also ran this ransomware simulator on a VM protected by a dedicated anti-ransomware program, CryptoDrop, but it, too, allowed the deletions. As I am not an experienced white hat hacker, I am sure I am missiing something. I am aware of KnowBe4's RanSim ransomware simulator, but by now it is well known to signature-based antivirus products. I'd like to be
We have found after some deployments of the newest version that a percentage of clients are having issues with files on Windows file shares. With some clients, Excel spreadsheets are showing as blank upon opening. In our case, every time Webroot is closed, the file share issues go away. We have an open case with Webroot. They have told us this issue was discovered and known (as of this time, it is still not posted on the forum's "Known Issues"), but we received conflicting reports; some techs knew the issue, but other people higher up at that point did not. This pointed to us for a real need for communication within Webroot, as it seems like the left hand may not know what the right hand is doing. At this time, I would actively discourage any MSP or large business client from updating past 22.214.171.124. In fact, my topic is also a request: I need the MSI file from 126.96.36.199 so we may roll back our clients, and more importantly, I nee
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.